The tech world updates daily, and new developments are constant in many spheres. Hence, DevShorts is back with another issue to cover all of it. Like our previous week’s issue, this one is also filled with a lot of news covering tech conferences, open-source projects, and developer stories from around the globe that happened over the past weeks.
Must Read
Software Bill of Materials or SBOM, the accepted best practice of mapping components and dependencies of an application to chalk out the application’s risk, made its way to the cloud-native applications field by introducing the Kubernetes Bill of Materials or KBOM. SBOM can be used for assessing vulnerability, licence compliance, etc. Kubernetes is called the operating system of the cloud, and it stands as a critical piece of middleware between other layers like network, container runtime, storage, etc. It is complex and composed of several components that make up a cluster and thus makes it extremely important in your threat model. So, KBOM has been introduced, which is a manifest of all the important components that make up a Kubernetes cluster that can answer the version of those components and assess their vulnerability level. Learn more about it from this detailed article from Aquasec.
The performance of a database plays a critical role in a data-driven application. Poor designing of database indexes and a significant lack of them can become a major pain point for applications that rely on those large databases. When the size of a database increases, retrieving and manipulating data becomes important, and properly designed indexing is needed to achieve that efficiency. Learn all about database indexing and their know-how from this column from Bytebyetego.
Open AI catches the headlines once again. People who use the paid version of chat GPT will now have access to GPT 4 model. They are making the GPT 3.5 Turbo, Dall-E, and whisper API generally available to everyone. Several deprecations are taking place, including models using the Completions API and getting replaced by Chat Completions API, providing better results. The Edits API will also get deprecated, and the older embedding models will soon get replaced by the current recommending models that account for almost all the embedding API usage. More information can be found on the Open AI blog.
Resilient payment systems are a must for companies that are selling products at a large scale and at a fast pace. Shopify is a well-known giant in this space. They came up with principles that every organisation should follow while building a resilient payment system. While you can get the entire article from Shopify’s engineering blog, here is a more simplistic way to look at it from this scoop by Bytebytego.
There are exciting developments from the networking section as well. Recently, we discovered a loss of packets of data in transit while using the IP Virtual server’s native support for encapsulation. The engineering team at Cloudflare recently switched to that to reduce their operational toil. But to everyone’s surprise, they observed significant drops in bandwidths and failing API requests. This article from Cloudflare discusses extensively the root cause of this problem, its impact on the organisation, and the fix.
Next, we will see some scoops that recently impacted the tech world and will be good for tech enthusiasts to know.
Good to know
A new Typescript project is making some buzz. TySON or Typescript is an embeddable language that can be configured accordingly and generates JSON. It uses typescript syntax, types, comments, and basic logic to create JSON. All major programming languages can read configurations written in Typescript using native binaries. Check all about it from their GitHub repository here.
In the cloud-native space, there is a new open-source alert management system. Named Keep helps manage, test, create, and maintain your alerts in a single place. It creates alerts via intuitive syntax with existing tools like Grafana, Slack, etc. Check all about this project from their GitHub repository.
Open Telemetry is trending in the observability space. A lot of developers are trying to use it to perform several observability tasks. Thomas Stringer created a hands-on walkthrough using Open Telemetry to scrape and process Prometheus metrics. The article titled Ingest Prometheus Metrics with Open Telemetry walks you through it in detail.
Often in the SRE space, two incidents almost identical with the same failure modes, impact level, point of impact, and action points can be labelled as repeat incidents while not valid. One look at each incident’s response and variation can point out key distinctions that can tell that the incidents differ. Find more about it in this article published by Honeycomb.
An open-source project that stood out from the rest is LineSelect. It is a shell utility that can select lines from stdin and output them to stdout, and during that time, it pauses the pipeline. It makes selecting files accessible with the help of Linux commands like ls, grep log files, manage Docker containers, etc. Find out and contribute to the project by navigating to its GitHub repository.
Vercel recently launched a platform starter kit, a full-stack Next.js template for building multi-tenant applications with custom domains. Learn all about it from the official blog of Vercel.
Lastly, we will take note of some of the news and trends useful to the community.
Notable FYIs
SUSECON Digital just concluded recently, and not to everyone’s surprise, many topics related to cloud, Kubernetes, DevOps, etc., were discussed. Over 120 sessions have been delivered, with talks ranging from product and feature releases, to demos involving Kubernetes and other cloud-native topics. Particular emphasis has been given to technologies like K3s, and we have seen the introduction of new Rancher products like Rancher extensions, Rancher desktop, Rancher Prime hosted, etc. You can catch all the sessions by signing up to SUSECON Digital from here.
Proper usage of Open Telemetry can help you reduce cloud costs. Morgan McLean has penned a short article titled 5 Ways Open Telemetry can reduce cloud costs.
A lot of modern-day applications use microservices architecture. Here are nine best practices for developing a microservice from Bytebytego.
Recently, we have seen many outages in the AWS us-east-1 region. It is the most popular AWS region and comes with definite pros and cons. Jeff Martens discusses why many companies run in that particular region with his article on Metrist.
I hope you have enjoyed this issue, and if you have learnt new things and find it valuable, consider sharing it with your friends and colleagues. Needless to say, a sub to the newsletter will be awesome.
Team DevShorts 👋